Page Loader
Hackers can make your device explode with a fast charger

Hackers can make your device explode with a fast charger

Jul 21, 2020
03:37 pm

What's the story

Fast chargers are a boon for people who prefer to power up their phones/laptops in quick and short charging sessions. They can easily restore a dying device to working condition in 15-20 minutes, but if a new report is anything to go by, the same power bricks can also pose a threat to your gadget, perhaps even your life. Here's how.

Issue

'BadPower' attack can misconfigure fast chargers

In a recent report, researchers from Tencent's Xuanwu Lab have warned that hackers can misconfigure the firmware of fast chargers to melt the internal components of connecting charging systems (phones/laptops) or to make them explode. They call the attack 'BadPower' and claim it could be carried out either using a special rig or a laptop/smartphone infected with malicious code (depending on the charger).

Working

Fast chargers use their firmware to work with compatible devices

Even though fast chargers look like normal power bricks, they carry a special firmware that matches the input capacity of the connected device to supply the right amount of power. For instance, if an eligible device is connected, the charger supplies 12V, 20V, or even more juice. But, in the case of an incompatible unit, it falls back to standard (and safe) 5V charging.

Details

BadPower changes charging parameters

As the researchers explained, when BadPower attack is carried out, the firmware of the targeted fast charger is corrupted and rendered ineffective. This way, the charger loses the parameters of giving the right amount of voltage and ends up overloading devices that can bear only so much power. That, ultimately, causes the devices' components to heat up, melt, or even burn.

Test

18 fast chargers were found vulnerable in test

To test their attack method, the researchers tried corrupting the firmware of 35 fast chargers. Out of these, 18 were found to be vulnerable to the attack, although the damage varied with connected devices and their charging capabilities. The researchers claimed that these vulnerable fast chargers came from 8 vendors who all have now been notified.

Prevention

How this attack could be prevented?

From the users' perspective, this scary attack can be prevented by making sure no unknown individual finds your fast charger. Meanwhile, tech companies, be it smartphone or notebook makers, can add more layers of protection to make sure that their charger firmware is not modified by threat attackers and devices remain shielded against charging overload.